Privacy policy

Date: 9/2/19

We are committed to safeguarding the privacy of our website visitors, prospective customers, customers and suppliers; in this policy we explain how we will handle your personal data.

This policy applies where we are acting as a data controller with respect to the personal data of our website visitors, prospective customers, customers and suppliers; in other words, where we determine the purposes and means of the processing of that personal data.

Visiting this website:We log the IP address, geographical location, browser type / version and operating system as well as a timestamp on our server log.
Our security software (third party provider) automatically collects search queries and the date and time of the request and referral URL. Depending on the settings of the device, it also automatically collects: IP address; MAC address; Device make, model and operating system version; mobile network information; internet service provider; browser type and language; country and time zone in which the Device is located; and metadata stored on the Device.

Personal data we obtain directly from you may include (via enquiry form, email, social media, phone call, post or in person):– Full name
– Trading or business name
– Telephone number
– Email address
– Job title
– Address and postcode (and / or property photoshoot address and postcode)
– Signature
– We may hold BACS details for suppliers
– Any other relevant information you choose to share or required

Email:
If you send us an email, the email will contain meta data (this may include name, email address along with a time stamp) and any other information you choose to share with us. It is your responsibility to make sure that your email and attachments are virus free and sent from a reputable provider.

Telephone:
Your telephone number will get logged on our device if you call us (unless you withheld your number). You may also choose to leave a voicemail.

From a third party (from an estate agent – only applies if we invoice you or send photos directly to you):
For the purposes of Property Photography we may have been passed your name, address, telephone number and / or email address from an estate agent (under a data processing agreement). If you are paying us directly, we will be the data controller and use your personal data in line with this policy.

2.1 We process data when you use our website (“usage data”). The source of the usage data is our website security provider and may include search queries and the date and time of the request and referral URL. Depending on the settings of the device, it also automatically collects: IP address; MAC address; Device make, model and operating system version; mobile network information; internet service provider; browser type and language; country and time zone in which the Device is located; and metadata stored on the Device. This usage data may be processed for the purposes of helping to secure our website. The legal basis for this processing is our legitimate interests, namely monitoring and protecting our website.

2.2 We may process your prospect / customer account data (“account data”). The account data may include name, business name, address and / or photoshoot address, telephone number(s) and email address(es). The account data may be processed for the purposes of providing services/products, general administration, managing the account, recovering or collecting overdue payments, ensuring the security of our services, maintaining backups of our databases, workflow management of our diary and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our business and recovering debts owed to us.

2.3 We may process information relating to transactions, including purchases of services/products, that you enter into with us (“transaction data”). The transaction data may be processed for the purpose of supplying the purchased services/products and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our business.

2.4 We may process information that you provide to us for the purpose of updating you on changes to our business, products or services (“notification data”). The legal basis for this processing is our legitimate interests, namely the proper administration of our business and communications with customers.

2.5 We may process supplier account data which may include name(s), business name, address, telephone number, email address and BACS details (“supplier data”). The supplier data may be processed so that we can purchase products/services from suppliers. The legal basis for this processing is our legitimate interests, namely to fulfil our contractual obligations and communicate with suppliers.

2.6 We may process customer account data and transaction data for the purposes of defining types of customers for our products/services and analyse our financial performance (“statistical data”). The legal basis for this processing is our legitimate interests, namely to inform our marketing strategy and improve our business.

2.7 We may process information contained in or relating to any communication that you send to us by email, post, voicemail or any similar communications (“message data”). The message data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the contact forms. The message data may be processed for the purposes of communicating with you (including where appropriate sending you sales or marketing materials), following up on communications and record keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our business and communications with suppliers, prospective customers and customers.

2.8 We may process any of your personal data identified in the other provisions of this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

2.9 In addition to the specific purposes, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject (for example: HMRC tax reporting), or in order to protect your vital interests or the vital interests of another natural person.

Providing us with your personal data for the purposes of providing goods or services is a contractual requirement (unless we obtain it from a third party), as such you are obliged to provide this information.

It is your choice on whether to provide personal data, but if you decide you don’t want to provide us with your personal data, in turn we may not be able to provide more information or enter into a contract with you to provide goods and / or services.

We do not sell or share personal data for marketing purposes. We use third party systems and advisers to help us run our business, these have access to personal data and can only use it for the purposes as we set out in accordance with our contractual instructions.

Emails:
We do not authorise any third parties to access our email mailbox without our written permission. Our email and website server is based in England, UK.

Transferring photo files (via email to you):
We use third party provider, WeTransfer to transfer large files (e.g. property photos). We use your email address, first name or surname and message content (usually mentioning the property) along with the attached file which is labelled with your property address. This information is stored for 12 months by WeTransfer.

Social Media Interactions:
We use third party provider, Hootsuite to manage our social media interactions. If you contact us or interact with us through social media (private or direct message) it may be stored by Hootsuite for up to 3 months.

Accountant, professional advisors, courts of law and insurance:
We may disclose your personal data to our accountant, insurers, court of law and/or professional advisers insofar as reasonably necessary for the purposes of completing our end of year accounts, obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes in court.

Security Software Provider (for our website):
We disclose to our security software provider data automatically collected when using our website for the purposes of security. It automatically collects search queries and the date and time of the request and referral URL. Depending on the settings of the device, it also automatically collects: IP address; MAC address; Device make, model and operating system version; mobile network information; internet service provider; browser type and language; country and time zone in which the Device is located; and metadata stored on the Device.

Cloud accountancy system and CRM:
We use third party provider, KashFlow in the UK for our cloud accountancy system and client relationship management (CRM). This may include invoices, purchases, name, address, postcode, telephone number and email address. This system is a processor on our behalf to provide the software and system. They may access your personal data in order to provide system support.

Print suppliers and delivery companies:
We may disclose personal data (this may include name, company name, phone number, email address, address and postcode – we only share the minimal amount of data required for that purpose) to our print suppliers or delivery companies insofar as reasonably necessary for providing a service or product on our behalf (for example, our print suppliers will only use your personal data to deliver your parcel). The supplier or subcontractor is only permitted to use your data to perform the required business function necessary in providing the service or product.

IT service, support and system providers:
We may disclose personal data to IT service, support and system providers who carry out work on our behalf or provide systems to us.

Legal obligation:
In addition to the specific disclosures of personal data set out in Section 4, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

In this Section, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).

For suppliers or third party service providers that are situated in the United Kingdom and the EU (including but not limited to; our email and website hosting provider in the UK, accountancy and CRM software provider in the UK, and WeTransfer file delivery provider in the Netherlands). The European Commission has made an “adequacy decision” with respect to the data protection laws of each of these countries.

Our website security provider is situated in the USA. Transfers to this country will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.

Our social media management tool, Hootsuite are situated in Canada. Transfers to this country will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

Enquiry correspondence and quotes will be kept for up to 6 months unless you tell us that you are not taking your enquiry any further.

We will keep written contracts generally for up to 6 years after termination along with any correspondence and notes we deem necessary for proper business administration and record keeping should we require legal defence or insurance cover. In some cases, we may keep contracts and correspondence indefinitely if it relates to Intellectual Property.

Customer account data and transaction data (which may include name, business/company name, address and postcode), invoices and purchases will be kept for 7 years from the date of your last transaction to comply with HMRC tax reporting and record keeping obligations. We may remove telephone number and email address from customer accounts when no longer required.

Usage data is deleted from our server log within 24 hours from the time of last visiting our website (deleted automatically), and are kept by our security software provider indefinitely until there is no further need.

We use an SSL (secure socket layer) certificate on our website (you can see this by the “green padlock” in your browser). This encrypts the link between the website server and the end user.

Our emails and enquiry form are sent using SSL connection over SMTP. However emails cannot be 100% secure, this is due to the way the internet works. We cannot accept responsibility as it’s out of our control.

We have put in place suitable technical and physical measures for any systems we use where personal data is present.

In this Section 9, we have summarised the rights that you have under data protection law.

The right to access your personal data:
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

The right to rectification:
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

The right to erasure:
In some circumstances you have the right to the erasure of your personal data without undue delay. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.

The right to restrict processing:
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

The right to object to processing:
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

The right to data portability:
To the extent that the legal basis for our processing of your personal data is consent or for the performance of a contract (or taking steps to enter into a contract), and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

The right to complain to a supervisory authority:
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority. In the UK it is the Information Commissioners Office – https://ico.org.uk/ who are responsible for data protection enforcement.

You may exercise any of your rights in relation to your personal data by written notice to us – either by our mailing address or emailing info@adamrichardjones.co.uk